Meet the Experts Behind Bespoke Consulting Solutions for Digital Assets.

Effective as of: November 1, 2024

Introduction

Cryptic Broker is committed to respecting your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information from users (“you”) of the Cryptic Broker website and services. It also outlines your rights under relevant data protection laws, including the EU General Data Protection Regulation (“GDPR”). Cryptic Broker (“we” or “us”), as the data controller for personal information collected through our platform, processes data in accordance with applicable laws. By using our services, you consent to the practices described in this Privacy Policy.

Data Controller: Cryptic Broker is a company registered. For the purposes of EU data protection law, Cryptic Broker is the “data controller” of your personal data collected via our website or in the course of our services. You can find our contact details at the end of this Privacy Policy.

Information We Collect

We may collect and process the following categories of personal data:

Information You Provide Directly: When you fill out forms (including Tally.so forms) or otherwise communicate with us, you may provide personal data. This can include:

Contact Information: Your name, email address, telephone number, company/organization name, and job title/role.

Profile Information: If you are a project founder, we might collect information about your project (project name, description, website, funding needs, etc.). If you are an investor, we might collect information about your investment preferences, focus areas, and background.

Identification Details: In some cases, particularly for compliance (e.g., anti-money laundering checks) or contract purposes, we might request additional details like your registered business address, identification number, or copies of identification documents. (We will only request such information when legally required or necessary for the specific service, and we will handle it with care.)

Communications: Any correspondence you send us, such as emails, messages, or other communications. If you participate in any surveys or provide feedback, that information is collected as well.

Information We Collect Automatically: When you visit our website, we may automatically collect certain technical information:

Usage Data: This includes your IP address, browser type and version, device type, operating system, referral source (how you arrived at our site), pages viewed, and the dates/times of your visits.

Cookies and Similar Technologies: We use cookies or similar tracking tools to enhance user experience, gather analytics about site usage, and for security purposes. Cookies are small text files stored on your device. For instance, we may use Google Analytics or comparable analytics services to understand how users engage with our site (which pages are visited, how long is spent, etc.). These tools may set cookies in your browser. You can manage or disable cookies through your browser settings, but note that some parts of our site might not function properly without them. (See “Cookies and Tracking” below for more details.)

Information from Third Parties: We might receive information about you from third-party sources in some cases:

If you interact with us on social media or other platforms (for example, via a LinkedIn request or Twitter message), we may receive basic profile information from that service.

If an associate or partner refers you to us, they might provide us with your contact information and the context of the referral.

If we perform background checks or due diligence (e.g., checking public databases or LinkedIn to verify a startup founder’s profile or an investor’s firm), we might collect information from those publicly available sources.

Our Tally form provider may collect metadata (like submission timestamps, IP address of form submissions) which is made available to us.

We aim to limit the personal data we collect to only what is necessary for the purposes described in this Policy. You have the choice not to provide certain personal information. However, note that if you decline to provide information marked as required (for example, your contact details on an onboarding form), we may not be able to offer you our services or respond to your request.

How We Use Your Information

Cryptic Broker uses the collected information for various legitimate purposes, including:

Service Delivery: To operate our advisory and matchmaking services. For example, if you are a project seeking investment, we use the information you provide about your project to analyze it and potentially introduce you to suitable investors. If you are an investor, we use information about your investment criteria to match you with relevant projects. Essentially, your data enables us to facilitate the introductions or advice you seek from our platform.

Communication: To communicate with you about our services. This includes responding to inquiries you send us, arranging meetings or calls, sending updates on potential matches or opportunities, and notifying you of relevant developments. We may also send administrative emails (e.g., to confirm receipt of your information, or to inform you of changes to our terms or policies).

Improvement and Analytics: To analyze and improve our website and services. We may use aggregated usage data to understand how users interact with our site, identify trends, and enhance user experience. For instance, we might track that a certain page is frequently visited and decide to add more information to it based on user interest. Analytics help us ensure our platform is intuitive and useful. (We generally use anonymized or aggregated data for such purposes, which does not identify you personally.)

Compliance and Legal Obligations: To comply with legal obligations and protect our legal rights. This includes using personal data for complying with GDPR requirements, maintaining business records, honoring opt-out requests, and in some cases, performing due diligence to avoid fraud or illicit activities. For example, we may process identification information to comply with anti-money laundering laws or to ensure neither party to a transaction is sanctioned or otherwise prohibited. If required, we may use and disclose personal data in response to lawful requests by public authorities (e.g., to meet national security or law enforcement requirements).

Security: To ensure the security of our platform and protect against misuse. We may use data like IP addresses or user activity to detect and prevent fraudulent access, spam, or other abuses. This helps us keep the website safe and operational.

Marketing (Limited): Cryptic Broker does not currently engage in mass marketing or newsletter campaigns, and we will not sell or rent your personal data to third-party marketers. We may, however, from time to time send you information about Cryptic Broker’s own services or new offerings that we think might interest you (for example, an event we are hosting or a new service feature), but only if you have a pre-existing relationship with us or have consented to such communications. You will have the ability to opt-out of any such communications at any time.

Legal Bases for Processing (EU visitors): Under the GDPR, we rely on certain legal grounds to process your personal data, which include:

Consent: For example, when you voluntarily submit information through our forms to request our services, we interpret that as consent to use that information to contact you and evaluate your needs. If we ever process sensitive personal data or plan to use your data in a new way, we would seek explicit consent when required. You have the right to withdraw consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

Contract: Much of our data processing is to take steps at your request prior to entering into a potential contract or to fulfill our obligations under a contract with you. For instance, if you sign an advisory contract with us, processing of your contact info and any necessary personal data is done on the basis that it’s necessary for performing that contract (providing the service you asked for).

Legitimate Interests: We process certain data as needed for our legitimate interests, provided those are not overridden by your data protection rights. Our legitimate interests include providing and improving our services, securing our platform, and communicating with users. When we rely on this basis, we ensure that the processing is proportionate and respects your privacy rights. For example, using an investor’s publicly available professional information to match them with a project can be a legitimate interest of both Cryptic Broker and the investor, and it’s done in a way that the investor would reasonably expect when they engage with a matchmaking service.

Legal Obligation: When processing is necessary for us to comply with a legal obligation, we will do so. For instance, retaining certain transaction records for tax or accounting purposes, or conducting AML checks under Portuguese law if applicable, would fall under this basis.

If you have any questions about the legal basis on which we process your personal data, feel free to contact us (see Contact section).

Cookies and Tracking

Cryptic Broker’s website uses cookies and similar tracking technologies to provide and improve our services. Here is how we approach these:

Types of Cookies: We use both essential cookies (necessary for the website to function, e.g., to remember your preferences or keep you logged in if applicable) and analytics cookies. Analytics cookies (from tools like Google Analytics) collect information about how visitors use our site (pages visited, time spent, etc.) and help us improve the website’s performance and design. We do not use cookies for advertising or profiling purposes.

Third-Party Cookies: As mentioned, we may use Google Analytics or similar services. These providers set their own cookies to track user interactions. Google may store the information collected by its cookies on servers in the United States or elsewhere. We have configured Google Analytics to anonymize IP addresses where possible (which means the last digits of your IP are masked to protect your identity).

Your Choices: When you first visit our site, you may see a cookie notice or banner if required by law. You can choose to accept or reject non-essential cookies. Even if you accept, you can always control cookies through your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or be notified when new cookies are set. Please note, rejecting or deleting cookies may impact your user experience (for instance, some parts of the site might not remember your preferences).

We also respect “Do Not Track” (DNT) signals to the extent possible. If your browser is configured to send a DNT signal, our analytics will attempt to respect that preference.

For more details on our cookie usage or a list of specific cookies in use, please refer to our Cookie Policy (if available) or contact us.

How We Share Your Information

Cryptic Broker may need to share personal data with third parties in certain circumstances, but we do so carefully and only for the purposes outlined above. The types of entities with whom we may share information include:

Counterparties to Introductions: A core purpose of Cryptic Broker is to connect projects with investors. If you are a project seeking funding, we will share your project pitch information (and potentially founder contact details) with selected prospective investors that we believe are a fit. Conversely, if you are an investor open to opportunities, we might share your profile or investment interests with certain project teams. We do this with discretion – e.g., we typically share only necessary info (like project deck, team background, and contact email) and we ensure both sides understand that information is being exchanged for evaluation of a potential engagement. By providing your information for matchmaking, you consent to this type of information sharing. We will not, for example, blast your confidential pitch to the general public; sharing is targeted and purposeful.

Service Providers: We use trusted third-party service providers to help operate our business. These include:

Form and Data Services: We utilize Tally (tally.so) for form collection. Tally, being based in the EU (Belgium), stores form response data on our behalf. They are GDPR-compliant and store data in Europe. We have entered into a Data Processing Agreement with such providers where applicable to ensure they protect data to GDPR standards.

Cloud Storage and IT: We may store data on cloud platforms (like Google Workspace or similar EU-based cloud services) for organizing submissions, or use project management tools to track leads. Any such provider we use will have appropriate security measures and, if outside the EEA, will be subject to data protection safeguards (see “International Transfers” below).

Communication Tools: If we use email delivery services (like an email newsletter service) or scheduling tools that process your contact info, those providers will handle data only as instructed by us and not for their own purposes.

Analytics Providers: As noted, Google Analytics or similar may process usage data on our behalf. These analytics providers act as our processors for analytical information.

We only share with service providers the information necessary for them to perform their services. They are contractually obligated to protect your data and use it only for providing services to Cryptic Broker.

Advisors and Professional Services: We may share information with our lawyers, accountants, or other professional advisors as necessary for obtaining advice or to protect and manage our business interests. For example, if we need legal advice regarding a particular referral arrangement, we might share relevant information with our legal counsel under confidentiality. Similarly, in preparing financial statements, our accountant may see transaction records that include personal data (like names in invoices).

Legal and Regulatory Disclosures: We may disclose personal data if required to do so by law or in the good-faith belief that such action is necessary to (a) comply with a legal obligation (such as a court order, subpoena, or regulatory request), (b) protect our rights or property, (c) prevent or investigate possible wrongdoing in connection with the services (such as fraud or security incidents), or (d) protect the personal safety of users or the public. For instance, if the Portuguese data protection authority or a court compels us to provide certain data, we will comply to the extent required.

Business Transfers: If Cryptic Broker is involved in a merger, acquisition, financing due diligence, restructuring, insolvency, or sale of all or part of our business, personal data may be transferred to a successor or affiliate as part of that transaction. We would ensure that any such entity is bound by similar privacy protections for your data. In the event of an actual acquisition or merger, we will notify affected users if their personal data becomes subject to a new privacy policy.

We do not sell personal information to third parties for monetary consideration. We also do not share your information with third parties for their own direct marketing purposes unless you have provided consent.

Whenever we share personal data, we take steps to ensure it is handled securely and lawfully. All third parties are expected to provide reasonable security for personal data and, if they are processing EU personal data, to act in compliance with GDPR or equivalent laws.

International Data Transfers

Cryptic Broker is based in the European Union. However, given the international nature of web services and cross-border investor relations, some personal data may be transferred to or accessed from outside the European Economic Area (EEA):

EEA Storage and Processing: Primarily, we strive to store and process personal data within the EEA. For example, as noted, our form data via Tally is stored on servers in the EU. Many of our partners (and the investors/projects we connect) are also within the EU.

Non-EEA Partners: If you are a user outside the EU or if we connect you with an entity outside the EU, then by the nature of that interaction your information will cross borders. For instance, if a U.S.-based investor is interested in a European project, the project’s pitch (with personal data of founders) will be sent to the U.S. investor, and vice versa. Such transfers are directly initiated by you or necessary for the service you requested (connecting with international investors/projects). We consider this data transfer consented to by you when you choose to engage with international opportunities. However, we still ensure that any party receiving EU personal data is aware of their obligation to handle it lawfully (for example, through contractual commitments or verifying they have adequate safeguards).

Service Providers Abroad: Some service providers we use might be located or have servers outside the EEA. For example, if we use Google services, data might be processed in the United States. When we transfer personal data to a country that the European Commission has not recognized as providing an adequate level of data protection, we will use appropriate safeguards as required by GDPR. The most common safeguard is the use of Standard Contractual Clauses (SCCs) – contractual terms approved by the European Commission that legally bind the recipient to protect the data. We may also rely on other mechanisms such as verified compliance with frameworks like the EU-US Data Privacy Framework (if applicable in the future), or binding corporate rules, as relevant.

In all cases, our international data transfers are done in compliance with Chapter V of the GDPR, ensuring that an equivalent level of data protection travels with your data. We also assess on a case-by-case basis whether additional technical or organizational measures are needed (for instance, encryption in transit and at rest, data minimization, etc., especially when transferring to jurisdictions with strong surveillance powers).

If you would like more information about the international transfer of your personal data or the specific safeguards in place, please contact us. We can provide copies of relevant contractual clauses or further details as appropriate.

Data Retention

Cryptic Broker retains personal data only for as long as is necessary to fulfill the purposes for which it was collected, or to comply with legal or contractual obligations.

If you submit information to seek our services (investor/project matchmaking), we will retain your information while your project is under consideration or your investor profile is active in our network. If there is a prolonged period of inactivity or if you inform us that you no longer wish to be in our database, we may delete or anonymize your information.

If you become a client (e.g., sign an advisory contract or successfully raise funds through our introduction), we will retain relevant information for the duration of the business relationship and thereafter as required by law or our legitimate interests. For instance, Portuguese law may require retaining certain records for 5 to 10 years for tax, accounting, or anti-money laundering purposes. We will securely store the minimum data needed for such compliance.

Communications (emails, messages) may be retained as business records for a certain time. Typically, important communications are kept for at least a few years in case issues arise, but we will purge or archive older communications periodically if they are no longer needed.

Web analytics data (like cookies) is usually retained as per the tool’s default settings (Google Analytics, for example, might retain non-personally identifiable data for 14 months or as configured). We ensure any data in analytics is either not personal or is deleted within a reasonable period.

When we no longer have a legitimate need to retain your personal data, we will securely delete or anonymize it. For example, if an introduction did not result in any engagement and the information is clearly stale (say, after 2 years), we might remove that from our active systems. In some cases, we might retain minimal information (name, contact, and note that you’ve asked not to be contacted) to honor future opt-out requests or ensure we don’t inadvertently reach out after you’ve disengaged.

If deletion is not immediately feasible (for example, because the data is stored in secure backups), we will ensure it is isolated and protected from further processing until deletion is possible.

Your Rights

If you are located in the European Union or a jurisdiction with similar data protection laws, you have certain rights regarding your personal data. Cryptic Broker is committed to upholding these rights. Specifically, under the GDPR (and analogous laws), you have the right to:

Access Your Data: You can request confirmation of whether we are processing your personal data and, if so, request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request. We will provide you with a copy of your data, along with relevant information (such as the purposes of processing, the categories of data, and any third parties with whom it’s shared) unless an exception applies.

Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to request correction. You can also provide supplementary information to us to ensure your data is accurate.

Erasure: You may request that we delete your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes it was collected, if you withdraw consent (and no other legal basis for processing exists), or if you object to processing and we have no overriding legitimate grounds. We will honor valid requests for deletion. Please note some data may be exempt from deletion if we have a legal obligation to retain it (e.g., transaction records for financial compliance) or if it is needed for the establishment, exercise, or defense of legal claims.

Restriction of Processing: You have the right to ask us to restrict (i.e., suspend) processing of your personal data if you contest its accuracy, if the processing is unlawful but you oppose erasure, if we no longer need the data but you need it for legal claims, or if you have objected to processing pending verification of our legitimate grounds. When processing is restricted, we will store your data but not use it, until the issue is resolved.

Data Portability: To the extent that we process your data by automated means based on your consent or on a contract with you, you have the right to receive that personal data in a structured, commonly used, machine-readable format and to transmit it to another controller. In practical terms, this might apply if you provided us a set of data and we processed it electronically— we can provide you an export of that data upon request.

Object to Processing: You have the right to object to our processing of your personal data when we do so based on legitimate interests (including profiling based on those interests). You also have an absolute right to object to direct marketing (which we will respect – as noted, we don’t do much marketing, but if you get something and don’t want it, let us know). If you object to processing based on legitimate interests, we will assess whether our grounds for processing override your privacy rights. If they do not, we will cease the processing objected to.

Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you gave consent to be introduced to investors and later change your mind, you can notify us to stop that process. Withdrawal of consent will not affect the lawfulness of processing already carried out, but we will stop the consent-based processing going forward.

Not to be Subject to Automated Decision-Making: Cryptic Broker does not currently make any decisions about you that have legal or similarly significant effects solely by automated means (without human involvement). In case we ever implement such processes, you would have rights to certain protections and to contest those decisions. As of now, all matchmaking and advisory decisions involve human judgement.

To exercise any of these rights, please contact us at the email or address provided in the Contact section below. We may need to verify your identity before fulfilling certain requests (to ensure that we don’t disclose data to an unauthorized person). We will respond to your request within one month, or inform you if we need more time (up to an additional two months for complex requests).

If you believe we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority. Cryptic Broker is under the jurisdiction of the Portuguese Data Protection Authority (Comissão Nacional de Protecção de Dados, “CNPD”). You can find their contact details on the CNPD website, or you may choose to contact your local EU Data Protection Authority. Of course, we would appreciate the chance to address your concerns directly first, so we encourage you to reach out to us with any complaints or issues.

Data Security

Cryptic Broker takes data security seriously. We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: Where applicable, we use encryption to protect data. For example, our website employs HTTPS/TLS to encrypt data in transit between your browser and our site. Sensitive files and backups are stored encrypted at rest when using cloud services that offer encryption.

Access Control: Personal data is accessible only to those in our team or our trusted service providers who need access to perform their duties. Access to personal data is password-protected and, for highly sensitive data, restricted further by role. We train our staff on the importance of privacy and security.

Monitoring and Patching: We keep our systems and software up to date to protect against security vulnerabilities. We monitor our systems for possible intrusions or attacks. If we use third-party services, we rely on reputable providers who have their own robust security practices.

Anonymization: When possible, we anonymize or pseudonymize data, especially for analytics or after a certain retention period, so that individuals are not identifiable.

Physical Security: Our physical office (if any personal data is stored or accessed there) is secured, and any physical documents containing personal data are kept in locked cabinets with limited access.

Despite our efforts, no method of transmission or storage is completely secure. Therefore, we cannot guarantee absolute security of your information. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by law (for instance, under the GDPR, we would notify CNPD within 72 hours of becoming aware of a serious breach and inform affected individuals promptly).

We also encourage you to take precautions with your personal data. Understand that any information you share in public areas (like comments on our social media posts) can be seen by others. Be cautious and avoid sharing sensitive personal information in places that are not protected.

Children’s Privacy

Cryptic Broker’s services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. Our website and services are designed for businesses and professionals in the blockchain and investment industry. If you are under 18, please do not submit any personal information to us.

If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information as soon as possible. If you believe that we might have any information from or about a minor, please contact us immediately so that we can address it.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the policy, we will revise the “last updated” date at the top of the policy. If the changes are significant, we may also provide a more prominent notice (such as via email notification or a banner on our website) to inform you.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Cryptic Broker’s services after any changes to this Privacy Policy constitutes acceptance of those changes, to the extent permitted by law.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Cryptic Broker – Privacy Office

We will do our best to address and resolve any issues you bring to our attention. Your privacy is important to us, and we value the trust you place in Cryptic Broker.